#VU37353 Input validation error in Samsung Mobile - CVE-2018-9142
Published: March 30, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU37353
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-9142
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Samsung Mobile
Samsung Mobile
Software vendor:
Samsung
Samsung
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.
Remediation
Install update from vendor's website.